
...won't pay
Why would they pay a ransom? You have absolutely no guarantee that the data hasn't and/or won't be passed on. It's not like criminals are people of honour, is it?
Australian health insurer Medibank – which spent October discovering a security incident was worse than it first thought – has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. "Based on the extensive advice we have received from cyber crime experts we …
> We've got to make this kind of thing unprofitable, or it'll never go away. Paying them just proves it's worth their time.
I think it should be turned around. Whatever the amount of the ransom demand is instead should be put up as a bounty on the heads of the hackers, dead* or alive.
----------------------------------------------------------------------------
* figuratively. I'm pretty sure it'd be illegal to put that sort of reward up. But, rather, "information leading to the arrest and conviction of".
> And that is called paying the Dane-geld;
err, no, no it's not.
Paying the ransom would be paying the Dane-geld.
That is not what I said. In fact that's the complete opposite of what I said.
I was, and am, advocating taking that money and instead using it to fund hunting down and killing (if we are sticking with the Viking-age metaphor, not literally) those that are demanding a Dane-geld. Making it a deadly business to be in.
It would generally be illegal for a private entity to put that sort of reward up, yes. But the government could do it. (Whether they should is more complicated even if we can all agree that they deserve it.)
Indeed, the Australian government is currently providing lethal aid for Ukraine; doing in Russian ransomware operators is a third-level effect of doing in the Russian Armed Forces and not a direct goal, but it doesn't matter whether the cat is black or white so long as it catches mice.